Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com

Worms

The Spread of the Witty Worm - CAIDA
Contains an analysis of the spread of the Witty Worm, based on packets received by UCSD's "network telescope". Fairly interesting, since Witty exploited a firewall vulnerability that appeared in only a few hosts, and it (eventually) crashes the machines it runs on.
By Colleen Shannon, David Moore, 04/24/2004

An Analysis of the Slapper Worm Exploit
Linux/Slapper spreads to Linux machines by exploiting the long SSL2 key argument buffer overflow in the libssl library, which the mod_ssl module of the Apache 1.3 Web servers used. When attacking a machine, the worm attempts to fingerprint the system by first sending an invalid GET request to the http port—port 80—and expecting Apache to return its version number, as well as the Linux distribution on which it was compiled, with an error status.
By Frédéric Perriot and Peter Szor, 04/22/2004

Into the Darkness: Dissection and Explanation of Proven Attack Source Code
As of October 17, 2002, the SANS / FBI Top Twenty Vulnerability List (Version 3.21) was led (on the UNIX side) by a group of vulnerabilities falling under the umbrella of the Remote Procedure Call. This paper will not attempt to advise the reader on how to protect against an RPC attack, nor lecture on the horrible effects of a successful RPC compromise. This paper was written for system administrators or junior programmers who know what an attack can do, but don’t know the ‘how’. The concept of overflowing a static buffer, cracking a weak password or sending a malformed packet is easy to explain in broad terms, but actually describing one step by step is not something I’ve been able to find readily accessible. The intent of this paper is to show the reader how an RPC attack works at the source code level. While in-depth programming experience is not a prerequisite for reading this paper, the reader is assumed to have a good working knowledge of general UNIX system internals.
04/15/2004

Plain English: Risks of Java Applets and Microsoft ActiveX Controls
Although the technologies change, the same old issues seem to stay around. In the world of computer security, it is often the users with a new ‘need’ who push the network administrators for fewer restrictions. One of the latest examples of this can be seen in the discussion of whether or not to allow ‘mobile code’ through the firewall onto a secure company intranet. Users need the tools to complete their work, but more and more applications are being built around web browsers using mobile code to transfer and share information over the Internet. This paper discusses the differences between two types of mobile code, Microsoft ActiveX controls and Java Applets, and the security risks of both. Finally, the paper gives alternative suggestions on what can be done to allow some users to use mobile code, while not putting a secure intranet at risk.
04/15/2004

About Heuristics
So what exactly is heuristics? Is it the perfect paranoiac’s tool, proving the world really is out to get them? Or is it a digital hypochondriac seeing viruses everywhere? This paper will discuss what heuristics is, why we should use it, warts and all, and some ideas for how to use it best. Finally we’ll talk about how to be a good neighbor while using it, and wrap it up with a discussion on including heuristics in our antivirus policies.
04/15/2004

Encrypted E-mail: Close One Door, Open Another
It is common knowledge that virus detection should be a part of any corporation’s security strategy. The threat of malicious code is an area of information security that is relatively well understood by the general population. However, with the introduction of more aggressive malicious code such as the Nimda virus, many corporations have realized that desktop virus scanning is necessary, but insufficient. With Nimda, the user does not even have to click on an infected attachment! Just opening the e-mail is enough to infect the computer in some cases. Detecting viruses before they enter the network, at the e-mail gateway for example, provides a much more proactive first line of defense. The use of server-based virus scanning techniques is part of an overall defense in depth strategy. One aspect of the virus threat that is not well understood is that server-based virus scanners cannot scan encrypted messages.
04/15/2004

Poly (morphic) Want a Server... or Runaway Worm
I could have easily named this paper future exploits or something lame along those lines, but I find this subject to be not only fascinating but frightening at the same time from a security professional’s point of view. With the explosion of high bandwidth Internet connections for consumers, and the implementation of tens of thousands of SOHO (small office, home office) networks, the possibilities for more far reaching attacks and their consequences are not a question of if but of how damaging they will be. I will be examining the concept of worm propagation, and what I see the future worm to look like, out in the wild. I also want to address what steps can be taken to limit its effectiveness. As I make my way through the SANS curriculum, I will be trying to gain the specialized knowledge in understanding what to look for in preventing the attacks of the future.
04/15/2004

Network and System Planning - How to Reduce Risk on a Compromised System
This paper is going to highlight the Code Red Worm as a specific example of an attack. It will demonstrate how a network can be set up to help limit exposure to it and other similar attacks. It will also look at how a network can be designed to reduce the chance of it being infected, and then go a step further to show how to limit the risk associated with one of the systems having become infected. It will touch briefly on hardening, as well as network and firewall configuration. While it will relate to most any attack, I will look specifically at the Code Red Worm as an example, showing how it infected systems and what could have been done to limit its ability to attack them, and show how the systems could be set up to reduce the risk of exposing their data if they have been compromised.
04/15/2004

The Mechanisms and Effects of the Code Red Worm
It is common for viruses, hacker attacks and system vulnerabilities to make the evening news on an almost weekly basis. Web sites such as SANS and CERT are updated daily with new viruses, worms and security holes. It has become a difficult task for system administrators to keep up with the task of securing their systems. Not only must they know about the constantly changing vulnerabilities that are present in software and hardware, but they must also continue to monitor for attacks, patch for new viruses and control access of internal users. Exploits can come in many forms. Viruses such as “I Love You” and “Melissa” can affect individual computers and web traffic through launching email attachments with malicious code. Denial of Service attacks send traffic to flood servers and bring them down.
04/15/2004

Windows Remote Buffer Overflow Vulnerability and the Code Red Worm
The following paper is about the Windows Remote Buffer Overflow Vulnerability and the Code Red Worm. I chose this topic because I wanted to inform others of this very real and dangerous threat. I wrote my paper in past tense because Code Red should be all but gone by the time my paper is posted. There will still be a few systems out there that are not patched and are still vulnerable to this worm; however, the majority of systems are patched and there should be no imminent threat. To the best of my knowledge the information in my paper is correct as of September 10, 2001.
04/15/2004